npm - @mcpspec/server - Versions diffs - 1.0.2 → 1.1.0 - Mend

@mcpspec/server 1.0.2 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +7 -1
package/dist/index.d.ts +6 -1
package/dist/index.js +257 -4
package/package.json +3 -3
package/ui-dist/assets/index-CMNP6jgH.js +361 -0
package/ui-dist/assets/index-CMNP6jgH.js.map +1 -0
package/ui-dist/assets/index-Cx7lB-i0.css +1 -0
package/ui-dist/index.html +2 -2
package/ui-dist/assets/index-Bet505kH.js +0 -346
package/ui-dist/assets/index-Bet505kH.js.map +0 -1
package/ui-dist/assets/index-DHdza0Ve.css +0 -1

package/README.md CHANGED Viewed

@@ -28,7 +28,7 @@ const server = await startServer({
 - `startServer(options?)` — Start the HTTP server with WebSocket support
 - `createApp(options)` — Create the Hono app without starting a server (for testing/embedding)
-- `Database` — sql.js (WASM SQLite) database for storing servers, collections, runs, and audit results
+- `Database` — sql.js (WASM SQLite) database for storing servers, collections, runs, recordings, and audit results
 - `WebSocketHandler` — Real-time event broadcasting over WebSocket
 - `UI_DIST_PATH` — Path to the bundled web UI static files
@@ -58,6 +58,12 @@ const server = await startServer({
 | POST | `/api/inspect/connect` | Start inspect session |
 | POST | `/api/inspect/call` | Call a tool in session |
 | POST | `/api/inspect/disconnect` | End inspect session |
+| POST | `/api/inspect/save-recording` | Save session as recording |
+| GET | `/api/recordings` | List recordings |
+| GET | `/api/recordings/:id` | Get recording |
+| POST | `/api/recordings` | Save a recording |
+| DELETE | `/api/recordings/:id` | Delete recording |
+| POST | `/api/recordings/:id/replay` | Replay recording against server |
 | POST | `/api/audit` | Start security audit |
 | POST | `/api/benchmark` | Start benchmark |
 | POST | `/api/docs/generate` | Generate documentation |

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { Hono } from 'hono';
-import { SavedServerConnection, SavedCollection, TestRunRecord, TestSummary, TestResult } from '@mcpspec/shared';
+import { SavedServerConnection, SavedCollection, TestRunRecord, TestSummary, TestResult, SavedRecording } from '@mcpspec/shared';
 import { IncomingMessage } from 'node:http';
 import { Duplex } from 'node:stream';
@@ -35,8 +35,13 @@ declare class Database {
         duration?: number;
     }): TestRunRecord | null;
     deleteRun(id: string): boolean;
+    listRecordings(): SavedRecording[];
+    getRecording(id: string): SavedRecording | null;
+    createRecording(data: Omit<SavedRecording, 'id' | 'createdAt' | 'updatedAt'>): SavedRecording;
+    deleteRecording(id: string): boolean;
     private rowToServer;
     private rowToCollection;
+    private rowToRecording;
     private rowToRun;
 }

package/dist/index.js CHANGED Viewed

@@ -257,7 +257,7 @@ function coerceCollection(raw) {
 }
 // src/routes/inspect.ts
-import { inspectConnectSchema, inspectCallSchema } from "@mcpspec/shared";
+import { inspectConnectSchema, inspectCallSchema, saveInspectRecordingSchema } from "@mcpspec/shared";
 import { MCPClient as MCPClient2, ProcessManagerImpl as ProcessManagerImpl2 } from "@mcpspec/core";
 import { randomUUID } from "crypto";
 var MAX_LOG_ENTRIES = 1e4;
@@ -275,7 +275,7 @@ setInterval(() => {
     }
   }
 }, 6e4);
-function inspectRoutes(app, wsHandler) {
+function inspectRoutes(app, db, wsHandler) {
   app.post("/api/inspect/connect", async (c) => {
     const body = await c.req.json();
     const parsed = inspectConnectSchema.safeParse(body);
@@ -434,10 +434,82 @@ function inspectRoutes(app, wsHandler) {
     sessions.delete(sessionId);
     return c.json({ data: { disconnected: true } });
   });
+  app.post("/api/inspect/save-recording", async (c) => {
+    if (!db) {
+      return c.json({ error: "unavailable", message: "Database not configured" }, 500);
+    }
+    const body = await c.req.json();
+    const parsed = saveInspectRecordingSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json({ error: "validation_error", message: parsed.error.message }, 400);
+    }
+    const session = sessions.get(parsed.data.sessionId);
+    if (!session) {
+      return c.json({ error: "not_found", message: "Session not found or expired" }, 404);
+    }
+    const steps = [];
+    const pendingCalls = /* @__PURE__ */ new Map();
+    for (const entry of session.protocolLog) {
+      if (entry.direction === "outgoing" && entry.method === "tools/call") {
+        const msg = entry.message;
+        const params = msg.params;
+        if (params && entry.jsonrpcId != null) {
+          pendingCalls.set(entry.jsonrpcId, {
+            tool: params.name,
+            input: params.arguments ?? {},
+            sentAt: entry.timestamp
+          });
+        }
+      } else if (entry.direction === "incoming" && entry.jsonrpcId != null) {
+        const pending = pendingCalls.get(entry.jsonrpcId);
+        if (pending) {
+          const msg = entry.message;
+          const result = msg.result;
+          const isError = msg.error !== void 0 || result && result.isError === true;
+          const content = result?.content ?? [];
+          const durationMs = entry.roundTripMs ?? entry.timestamp - pending.sentAt;
+          steps.push({
+            tool: pending.tool,
+            input: pending.input,
+            output: content,
+            isError: isError || void 0,
+            durationMs
+          });
+          pendingCalls.delete(entry.jsonrpcId);
+        }
+      }
+    }
+    if (steps.length === 0) {
+      return c.json({ error: "no_calls", message: "No tool calls found in session to record" }, 400);
+    }
+    let toolList = [];
+    try {
+      const tools = await session.client.listTools();
+      toolList = tools.map((t) => ({ name: t.name, description: t.description }));
+    } catch {
+    }
+    const serverInfo = session.client.getServerInfo();
+    const recording = {
+      id: randomUUID(),
+      name: parsed.data.name,
+      description: parsed.data.description,
+      serverName: serverInfo?.name,
+      tools: toolList,
+      steps,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const saved = db.createRecording({
+      name: recording.name,
+      description: recording.description,
+      serverName: recording.serverName,
+      data: JSON.stringify(recording)
+    });
+    return c.json({ data: saved }, 201);
+  });
 }
 // src/routes/audit.ts
-import { auditStartSchema } from "@mcpspec/shared";
+import { auditStartSchema, auditDryRunSchema } from "@mcpspec/shared";
 import { MCPClient as MCPClient3, ProcessManagerImpl as ProcessManagerImpl3, SecurityScanner, ScanConfig } from "@mcpspec/core";
 import { randomUUID as randomUUID2 } from "crypto";
 var sessions2 = /* @__PURE__ */ new Map();
@@ -473,6 +545,7 @@ function auditRoutes(app, wsHandler) {
     const scanConfig = new ScanConfig({
       mode: parsed.data.mode,
       rules: parsed.data.rules,
+      excludeTools: parsed.data.excludeTools,
       acknowledgeRisk: true
       // UI handles confirmation client-side
     });
@@ -521,6 +594,45 @@ function auditRoutes(app, wsHandler) {
     })();
     return c.json({ data: { sessionId } });
   });
+  app.post("/api/audit/dry-run", async (c) => {
+    const body = await c.req.json();
+    const parsed = auditDryRunSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json({ error: "validation_error", message: parsed.error.message }, 400);
+    }
+    const processManager = new ProcessManagerImpl3();
+    const config = {
+      transport: parsed.data.transport,
+      command: parsed.data.command,
+      args: parsed.data.args,
+      url: parsed.data.url,
+      env: parsed.data.env
+    };
+    const scanConfig = new ScanConfig({
+      mode: parsed.data.mode,
+      rules: parsed.data.rules,
+      excludeTools: parsed.data.excludeTools,
+      acknowledgeRisk: true
+    });
+    const client = new MCPClient3({ serverConfig: config, processManager });
+    try {
+      await client.connect();
+      const scanner = new SecurityScanner();
+      const result = await scanner.dryRun(client, scanConfig);
+      await client.disconnect();
+      await processManager.shutdownAll();
+      return c.json({ data: result });
+    } catch (err) {
+      await client.disconnect().catch(() => {
+      });
+      await processManager.shutdownAll().catch(() => {
+      });
+      return c.json(
+        { error: "dry_run_failed", message: err instanceof Error ? err.message : "Dry run failed" },
+        500
+      );
+    }
+  });
   app.get("/api/audit/status/:sessionId", (c) => {
     const sessionId = c.req.param("sessionId");
     const session = sessions2.get(sessionId);
@@ -820,16 +932,93 @@ function scoreRoutes(app, wsHandler) {
   });
 }
+// src/routes/recordings.ts
+import { saveRecordingSchema, replayRecordingSchema } from "@mcpspec/shared";
+import { MCPClient as MCPClient7, ProcessManagerImpl as ProcessManagerImpl7, RecordingReplayer, RecordingDiffer } from "@mcpspec/core";
+function recordingsRoutes(app, db) {
+  app.get("/api/recordings", (c) => {
+    const recordings = db.listRecordings();
+    return c.json({ data: recordings, total: recordings.length });
+  });
+  app.get("/api/recordings/:id", (c) => {
+    const recording = db.getRecording(c.req.param("id"));
+    if (!recording) {
+      return c.json({ error: "not_found", message: "Recording not found" }, 404);
+    }
+    return c.json({ data: recording });
+  });
+  app.post("/api/recordings", async (c) => {
+    const body = await c.req.json();
+    const parsed = saveRecordingSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json({ error: "validation_error", message: parsed.error.message }, 400);
+    }
+    const recording = db.createRecording({
+      name: parsed.data.name,
+      description: parsed.data.description,
+      serverName: parsed.data.serverName,
+      data: parsed.data.data
+    });
+    return c.json({ data: recording }, 201);
+  });
+  app.delete("/api/recordings/:id", (c) => {
+    const deleted = db.deleteRecording(c.req.param("id"));
+    if (!deleted) {
+      return c.json({ error: "not_found", message: "Recording not found" }, 404);
+    }
+    return c.json({ data: { deleted: true } });
+  });
+  app.post("/api/recordings/:id/replay", async (c) => {
+    const saved = db.getRecording(c.req.param("id"));
+    if (!saved) {
+      return c.json({ error: "not_found", message: "Recording not found" }, 404);
+    }
+    const body = await c.req.json();
+    const parsed = replayRecordingSchema.safeParse(body);
+    if (!parsed.success) {
+      return c.json({ error: "validation_error", message: parsed.error.message }, 400);
+    }
+    const recording = JSON.parse(saved.data);
+    const processManager = new ProcessManagerImpl7();
+    const config = {
+      transport: parsed.data.transport,
+      command: parsed.data.command,
+      args: parsed.data.args,
+      url: parsed.data.url,
+      env: parsed.data.env
+    };
+    const client = new MCPClient7({ serverConfig: config, processManager });
+    try {
+      await client.connect();
+      const replayer = new RecordingReplayer();
+      const result = await replayer.replay(recording, client);
+      const differ = new RecordingDiffer();
+      const diff = differ.diff(recording, result.replayedSteps, result.replayedAt);
+      await client.disconnect();
+      await processManager.shutdownAll();
+      return c.json({ data: diff });
+    } catch (err) {
+      await client.disconnect().catch(() => {
+      });
+      await processManager.shutdownAll().catch(() => {
+      });
+      const message = err instanceof Error ? err.message : "Replay failed";
+      return c.json({ error: "replay_error", message }, 500);
+    }
+  });
+}
 // src/routes/index.ts
 function registerRoutes(app, db, wsHandler) {
   serversRoutes(app, db);
   collectionsRoutes(app, db);
   runsRoutes(app, db);
-  inspectRoutes(app, wsHandler);
+  inspectRoutes(app, db, wsHandler);
   auditRoutes(app, wsHandler);
   benchmarkRoutes(app, wsHandler);
   docsRoutes(app);
   scoreRoutes(app, wsHandler);
+  recordingsRoutes(app, db);
 }
 // src/app.ts
@@ -1003,6 +1192,21 @@ var MIGRATIONS = [
       )`,
       `INSERT INTO schema_version (version) VALUES (1)`
     ]
+  },
+  {
+    version: 2,
+    up: [
+      `CREATE TABLE IF NOT EXISTS recordings (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL,
+        description TEXT,
+        server_name TEXT,
+        data TEXT NOT NULL,
+        created_at TEXT NOT NULL DEFAULT (datetime('now')),
+        updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+      )`,
+      `UPDATE schema_version SET version = 2`
+    ]
   }
 ];
 function getSchemaVersion(db) {
@@ -1225,6 +1429,44 @@ var Database = class {
     this.save();
     return true;
   }
+  // --- Recordings ---
+  listRecordings() {
+    const stmt = this.db.prepare("SELECT * FROM recordings ORDER BY updated_at DESC");
+    const rows = [];
+    while (stmt.step()) {
+      rows.push(this.rowToRecording(stmt.getAsObject()));
+    }
+    stmt.free();
+    return rows;
+  }
+  getRecording(id) {
+    const stmt = this.db.prepare("SELECT * FROM recordings WHERE id = ?");
+    stmt.bind([id]);
+    if (!stmt.step()) {
+      stmt.free();
+      return null;
+    }
+    const row = this.rowToRecording(stmt.getAsObject());
+    stmt.free();
+    return row;
+  }
+  createRecording(data) {
+    const id = randomUUID5();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    this.db.run(
+      `INSERT INTO recordings (id, name, description, server_name, data, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?)`,
+      [id, data.name, data.description ?? null, data.serverName ?? null, data.data, now, now]
+    );
+    this.save();
+    return this.getRecording(id);
+  }
+  deleteRecording(id) {
+    const existing = this.getRecording(id);
+    if (!existing) return false;
+    this.db.run("DELETE FROM recordings WHERE id = ?", [id]);
+    this.save();
+    return true;
+  }
   // --- Row mappers ---
   rowToServer(row) {
     return {
@@ -1249,6 +1491,17 @@ var Database = class {
       updatedAt: row["updated_at"]
     };
   }
+  rowToRecording(row) {
+    return {
+      id: row["id"],
+      name: row["name"],
+      description: row["description"] || void 0,
+      serverName: row["server_name"] || void 0,
+      data: row["data"],
+      createdAt: row["created_at"],
+      updatedAt: row["updated_at"]
+    };
+  }
   rowToRun(row) {
     return {
       id: row["id"],

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mcpspec/server",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -28,8 +28,8 @@
     "@hono/node-server": "^1.13.0",
     "sql.js": "^1.11.0",
     "ws": "^8.18.0",
-    "@mcpspec/shared": "1.0.2",
-    "@mcpspec/core": "1.0.2"
+    "@mcpspec/core": "1.1.0",
+    "@mcpspec/shared": "1.1.0"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",